/**
 * @license
 * Copyright 2013 Google Inc. All rights reserved.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @fileoverview Test data for verifying ECDH. The test vectors were
 *     downloaded from http://csrc.nist.gov/groups/STM/cavp/.
 * @author thaidn@google.com (Thai Duong)
 */

goog.provide('e2e.cipher.ecdhTestData');
goog.setTestOnly();


/**
 * KDF params, as specified in http://tools.ietf.org/html/rfc6637#section-9.
 */
e2e.cipher.ecdhTestData.kdfInfo = [
  0x3, 0x1, 0x8 /* SHA256 Algo ID*/, 0x7 /* AES-128 Algo ID */];


/**
 * The private key.
 */
e2e.cipher.ecdhTestData.privKey = [
  0x70, 0xa1, 0x2c, 0x2d, 0xb1, 0x68, 0x45, 0xed,
  0x56, 0xff, 0x68, 0xcf, 0xc2, 0x1a, 0x47, 0x2b,
  0x3f, 0x04, 0xd7, 0xd6, 0x85, 0x1b, 0xf6, 0x34,
  0x9f, 0x2d, 0x7d, 0x5b, 0x34, 0x52, 0xb3, 0x8a];


/**
 * The public key in uncompressed point format.
 */
e2e.cipher.ecdhTestData.pubKey = [0x4, /* uncompressed */
  // x
  0x81, 0x01, 0xec, 0xe4, 0x74, 0x64, 0xa6, 0xea,
  0xd7, 0x0c, 0xf6, 0x9a, 0x6e, 0x2b, 0xd3, 0xd8,
  0x86, 0x91, 0xa3, 0x26, 0x2d, 0x22, 0xcb, 0xa4,
  0xf7, 0x63, 0x5e, 0xaf, 0xf2, 0x66, 0x80, 0xa8,
  // y
  0xd8, 0xa1, 0x2b, 0xa6, 0x1d, 0x59, 0x92, 0x35,
  0xf6, 0x7d, 0x9c, 0xb4, 0xd5, 0x8f, 0x17, 0x83,
  0xd3, 0xca, 0x43, 0xe7, 0x8f, 0x0a, 0x5a, 0xba,
  0xa6, 0x24, 0x07, 0x99, 0x36, 0xc0, 0xc3, 0xa9];


// Data for interoperability testing with gpg-ecc.


/**
 * The public key of the receiver in uncompressed point format.
 */
e2e.cipher.ecdhTestData.gpgEccPubKey = [0x4,
  // x
  0xCA, 0x59, 0x52, 0xD4, 0x83, 0x7A, 0xB5, 0x21,
  0x15, 0xFB, 0x85, 0x62, 0x55, 0xAC, 0xBD, 0x65,
  0xB0, 0xD6, 0xC3, 0x12, 0x78, 0x12, 0xEE, 0xF9,
  0x9D, 0x64, 0x2A, 0x91, 0xB2, 0x12, 0x50, 0x07,
  // y
  0x4E, 0x5F, 0xFF, 0x72, 0x03, 0xC8, 0x4F, 0x0E,
  0xD4, 0x0D, 0x8E, 0x12, 0x50, 0x15, 0x7E, 0x77,
  0xF4, 0x33, 0x58, 0x83, 0xD8, 0x8F, 0x44, 0x4B,
  0x22, 0xEA, 0x41, 0xEE, 0xBB, 0x9E, 0x64, 0xC7];


/**
 * The fingerprint of the receiver's public key.
 */
e2e.cipher.ecdhTestData.gpgEccPubKeyFingerprint = [
  0xED, 0xDF, 0x34, 0x5E, 0xD3, 0xD6, 0x28, 0xCE,
  0xA4, 0x15, 0x75, 0x52, 0xED, 0x0B, 0xD4, 0x22,
  0x6C, 0x98, 0x3B, 0x4F];


/**
 * The per-message secret nonce.
 */
e2e.cipher.ecdhTestData.gpgEccNonce = [
  0x6E, 0x69, 0xC3, 0x36, 0xF7, 0x0D, 0xB6, 0xC5,
  0xB8, 0x2D, 0xFC, 0x85, 0x2B, 0x40, 0xBB, 0x25,
  0x26, 0x68, 0xCD, 0x14, 0x2A, 0xB9, 0x7E, 0x0E,
  0x10, 0x3D, 0x21, 0xD3, 0xBC, 0x93, 0xF2, 0x30];


/**
 * The shared secret.
 */
e2e.cipher.ecdhTestData.gpgEccSecret = [
  0x5A, 0x1B, 0x19, 0x85, 0xB4, 0x06, 0xB0, 0xD9,
  0xCA, 0xC5, 0xD9, 0x06, 0x86, 0x84, 0x73, 0xDE,
  0xC7, 0x05, 0xBA, 0xFE, 0x29, 0x3F, 0xB2, 0x0F,
  0xE9, 0x0E, 0xEF, 0x28, 0x92, 0xF5, 0xFD, 0x06];


/**
 * The key-encrypting key.
 */
e2e.cipher.ecdhTestData.gpgEccKek = [
  0xE6, 0x49, 0x76, 0xB9, 0xE3, 0x06, 0xB6, 0xB0,
  0xF0, 0xF8, 0x9F, 0x76, 0xA5, 0x9D, 0x2B, 0x54];


/**
 * The message (e.g., the encoded session key).
 */
e2e.cipher.ecdhTestData.gpgEccMessage = [
  0x09, 0xA2, 0xA9, 0x1F, 0x8D, 0x94, 0x55, 0x3F,
  0x65, 0x9F, 0x5F, 0x86, 0x64, 0x85, 0x25, 0xE4,
  0x51, 0xD1, 0xC7, 0x9F, 0xEA, 0xC4, 0x43, 0xB5,
  0xEF, 0xDA, 0xD2, 0x49, 0x59, 0xDA, 0x55, 0x0D,
  0x38, 0x10, 0xD9, 0x05, 0x05, 0x05, 0x05, 0x05];


/**
 * The encrypted result.
 */
e2e.cipher.ecdhTestData.gpgEccCiphertext = [
  0xE9, 0x49, 0xFA, 0xBF, 0x54, 0x45, 0x9A, 0x04,
  0x75, 0xE7, 0x61, 0x21, 0xB9, 0x22, 0x3F, 0x18,
  0x81, 0xCB, 0x23, 0x5F, 0x04, 0x1B, 0x90, 0x6C,
  0x97, 0x93, 0x60, 0x14, 0xD6, 0x9C, 0xE9, 0x70,
  0x53, 0x2C, 0x3D, 0x77, 0xF2, 0xBD, 0xDE, 0xAE,
  0x7D, 0x86, 0xB6, 0x12, 0xF4, 0x1C, 0xA2, 0x84];


// Test data for a message whose ECDH shared secret first byte is a 0x00.
// Test data was produced using GnuPG 2.1.5, full OpenPGP test case will be
// added to OpenPGP compatibility_test.
/**
 * The private key.
 */
e2e.cipher.ecdhTestData.gpgEccPrivKey2 = [
  0x95, 0x90, 0x24, 0x3D, 0x20, 0xB0, 0x91, 0xA1, 0xD9, 0xA0, 0x0F, 0xB0, 0x77,
  0x2F, 0x5F, 0xCC, 0x0E, 0x1F, 0x8E, 0xFC, 0x5F, 0xEE, 0xD5, 0x4D, 0x34, 0x1A,
  0xDD, 0x07, 0x40, 0xAD, 0xC4, 0xB3, 0x5D, 0xD0, 0xF2, 0x32, 0xE0, 0xA7, 0xC1,
  0xCB, 0x00, 0x87, 0xBD, 0x85, 0x66, 0x6E, 0xE8, 0xA9];


/**
 * KDF info - SHA 512 and
 * @type {Array}
 */
e2e.cipher.ecdhTestData.gpgEccKdfInfo2 = [
  0x03, 0x01, 0x09 /* SHA384 Algo ID*/, 0x09 /* AES256 Algo ID*/];


/**
 * The fingerprint of the receiver's public key.
 */
e2e.cipher.ecdhTestData.gpgEccPubKeyFingerprint2 = [
  0x76, 0xEF, 0x8D, 0x35, 0xCA, 0x20, 0xE2, 0xC8, 0x66, 0xE3, 0x28, 0xA8, 0x1C,
  0x64, 0xD9, 0xA9, 0xBA, 0x0E, 0x62, 0xB0];


/**
 * The ciphertext.
 */
e2e.cipher.ecdhTestData.gpgEccCiphertext2 = {
  // ephemeral key
  'v': [
    0x04,
    // x
    0x4A, 0xF9, 0x76, 0x2F, 0xCF, 0xFB, 0x78, 0x64, 0x78, 0xC4, 0xA5, 0x6C,
    0x5A, 0x53, 0xBF, 0x66, 0x27, 0x55, 0xCC, 0x79, 0x66, 0x62, 0x0B, 0xAE,
    0xBF, 0x7A, 0x92, 0x50, 0x96, 0x41, 0x4E, 0x8F, 0x61, 0x3C, 0xC5, 0x21,
    0x1F, 0x95, 0xB5, 0xC6, 0xDC, 0x8F, 0x49, 0x10, 0xFA, 0xD7, 0xF9, 0x46,
    // y
    0x57, 0x2E, 0xD5, 0xA6, 0xE3, 0xCF, 0xE5, 0x78, 0x2D, 0x78, 0xE6, 0x57,
    0x47, 0xC5, 0xE4, 0x3C, 0x86, 0xEB, 0x9A, 0x9D, 0xE3, 0x8B, 0x01, 0xC5,
    0x18, 0x24, 0xD7, 0xD4, 0xE9, 0x32, 0x7B, 0x78, 0xD5, 0x02, 0xCC, 0x5E,
    0xAC, 0x06, 0x5F, 0x35, 0x3A, 0xFF, 0x91, 0x93, 0x3B, 0xE4, 0xB3, 0xF2],
  // wrapped key data
  'u': [
    0xE2, 0xFF, 0xA4, 0xF7, 0x12, 0xC5, 0xE7, 0x8D, 0x81, 0x29, 0x82, 0x68,
    0xB5, 0x96, 0xA2, 0xD9, 0xFB, 0x9C, 0x10, 0xDB, 0x9F, 0x1D, 0xC7, 0x7D,
    0xDE, 0xAC, 0x2E, 0xBD, 0x96, 0x36, 0x38, 0x3F, 0x30, 0x6E, 0xDB, 0x61,
    0xCE, 0xEB, 0x0E, 0x99, 0x47, 0xBB, 0xE5, 0xCA, 0x69, 0xA9, 0x85, 0x40]
};


/**
 * The message (e.g., the encoded session key).
 */
e2e.cipher.ecdhTestData.gpgEccMessage2 = [
  0x09, 0xC8, 0xEB, 0x3B, 0xBE, 0x02, 0x12, 0x8A, 0x32, 0x9E, 0xE1, 0x7D, 0x75,
  0xEF, 0x81, 0x51, 0xB2, 0x86, 0x0C, 0xDA, 0x8F, 0xBD, 0x4D, 0x2C, 0x38, 0x37,
  0xAD, 0x7A, 0xF2, 0x4B, 0x3D, 0x59, 0x9D, 0x0F, 0x97, 0x05, 0x05, 0x05, 0x05,
  0x05];
